I have to say that I find this a little confusing. I've got a very strange environment here - multiple organizations (2 companies merged) and different security settings for each. Also within each org - there are different requirements / needs for the various agents.
I'd love to have all my agents configured the same, but it's near to impossible at the moment. So I've got a variety of settings configured, multiple UC_HOSTCHAR_* variables, some with ANONYMOUS_* = Y and others to N. And some agents (UNIX) with login_check=yes and some agents (Windows) with login_check=no.
Additionally, just ran into another scenario where I have a UNIX agent installed on a JDE server - but the only reason to date we needed that agent was for a GET_FILESYSTEM call. No jobs were actually running on the agent, so for security reasons, we left the agent owned by the OS user, not root. This worked fine, but now I DO want to run jobs as the OS user. I still don't have to have the agent owned by root, but it appears I have to have ANONYMOUS_* set to N and login_check=no to get jobs to run.
:s
So confused on what the best practice here and the implications of all these things. I want to have the most secure system as I can, but honestly, this is a lot of trouble. :)
Anyone else have a complex environment like this and how to you handle / manage? I don't want to have a UC_HOSTCHAR_* variable for each agent, but seems like I need to have more than the DEFAULT for sure.
If anyone has any thoughts / comments specifically on this topic and/or the security aspects of the various settings - I'd love to hear it.
TIA.